[Qemu-devel] [6278] Fix race in POSIX AIO emulation (Jan Kiszka)

[Anthony Liguori]

Revision: 6278
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=6278
Author:   aliguori
Date:     2009-01-13 15:13:53 +0000 (Tue, 13 Jan 2009)

Log Message:
-----------
Fix race in POSIX AIO emulation (Jan Kiszka)

When we cancel an AIO request that is already being processed by
aio_thread, qemu_paio_cancel should return QEMU_PAIO_NOTCANCELED as long
as aio_thread isn't done with this request. But as the latter currently
updates aiocb->ret after every block of the request, we may report
QEMU_PAIO_ALLDONE too early.

Futhermore, in case some zero-length request should have been queued,
aiocb->ret is never set to != -EINPROGRESS and callers like
raw_aio_cancel could get stuck in an endless loop.

Fix those issues by updating aiocb->ret _after_ the request has been
fully processed. This also simplifies the locking.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>

Modified Paths:
--------------
    trunk/posix-aio-compat.c

Modified: trunk/posix-aio-compat.c
===================================================================
--- trunk/posix-aio-compat.c    2009-01-12 21:33:22 UTC (rev 6277)
+++ trunk/posix-aio-compat.c    2009-01-13 15:13:53 UTC (rev 6278)
@@ -81,21 +81,16 @@
             if (len == -1 && errno == EINTR)
                 continue;
             else if (len == -1) {
-                pthread_mutex_lock(&lock);
-                aiocb->ret = -errno;
-                pthread_mutex_unlock(&lock);
+                offset = -errno;
                 break;
             } else if (len == 0)
                 break;
 
             offset += len;
-
-            pthread_mutex_lock(&lock);
-            aiocb->ret = offset;
-            pthread_mutex_unlock(&lock);
         }
 
         pthread_mutex_lock(&lock);
+        aiocb->ret = offset;
         idle_threads++;
         pthread_mutex_unlock(&lock);